debuerreotype / docker-debian-artifacts

Official builds of debuerreotype-generated Debian tarballs for use in Docker
https://docker.debian.net
Apache License 2.0

CVE-2022-48303 fix for debian:bullseye-slim image. #213

Closed echristie-bc closed 9 months ago

echristie-bc commented 9 months ago

Hi Docker Debian Team,

Could CVE-2022-48303 for the tar package be fixed in the debian:bullseye-slim image?

Thank you.

tianon commented 9 months ago

https://security-tracker.debian.org/tracker/CVE-2022-48303

Crash in CLI tool, no security impact

That being said, there is a Debian rebuild in progress for the point releases that happened this weekend.

echristie-bc commented 9 months ago

Hi Tianon,

Is there an estimate on when the new debian:bullseye-slim image with the fix would be available?

Thank you.

tianon commented 9 months ago

Unfortunately the best I can offer is "when it's ready" (especially as this isn't a critical or even non-critical security issue).

However, rebuilds are done, update is at https://github.com/docker-library/official-images/pull/16234